diff --git a/.github/CODEOWNERS.md b/.github/CODEOWNERS.md new file mode 100644 index 0000000..cdf81a7 --- /dev/null +++ b/.github/CODEOWNERS.md @@ -0,0 +1 @@ +* @ThomasVitale \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md index 25c4f24..596f0bf 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -2,7 +2,7 @@ name: Bug report about: Tell us about a problem you are experiencing title: '' -labels: bug +labels: bug, triage assignees: '' --- @@ -19,10 +19,8 @@ assignees: '' **Anything else you would like to add:** [Additional information that will assist in solving the issue.] -**Additional context:** -Add any other context about the problem here. - **Environment:** -- Kubernetes version (execute `kubectl version`): -- kapp-controller version (execute `kubectl get deployment -n kapp-controller kapp-controller -o yaml` and the annotation is `kbld.k14s.io/images`): +* Kubernetes version (execute `kubectl version`): +* kctrl version (execute `kctrl version`): +* kapp-controller version (execute `kubectl get deployment -n kapp-controller kapp-controller -o yaml` and the annotation is `kbld.k14s.io/images`): diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md index 87c8ff2..270da4e 100644 --- a/.github/ISSUE_TEMPLATE/feature-request.md +++ b/.github/ISSUE_TEMPLATE/feature-request.md @@ -2,7 +2,7 @@ name: Feature request about: Suggest an idea for this project title: '' -labels: enhancement +labels: enhancement, triage assignees: '' --- diff --git a/.github/ISSUE_TEMPLATE/other-request.md b/.github/ISSUE_TEMPLATE/other-request.md new file mode 100644 index 0000000..b5722c0 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/other-request.md @@ -0,0 +1,8 @@ +--- +name: Other issue or question +about: Free form issue or question +title: '' +labels: triage +assignees: '' + +--- diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8cf2922..de6e0b4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,6 +18,6 @@ jobs: registry-server: ghcr.io registry-username: ${{ github.actor }} image: ${{ github.repository }} - version: 0.6.2+kadras.1 + version: 0.6.2+kadras.2 secrets: pull-request-token: ${{ secrets.GH_ORG_PAT }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3e3c1a1..f8cf6f0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,14 +8,15 @@ jobs: name: Configuration Tests permissions: contents: read - uses: kadras-io/github-reusable-workflows/.github/workflows/package-test-config.yml@main - with: - command: make test-config + uses: kadras-io/github-reusable-workflows/.github/workflows/carvel-package-test-config.yml@main test-integration: name: Integration Tests + strategy: + matrix: + k8s_version: [v1.24, v1.25, v1.26] permissions: contents: read - uses: kadras-io/github-reusable-workflows/.github/workflows/package-test-integration.yml@main + uses: kadras-io/github-reusable-workflows/.github/workflows/carvel-package-test-integration.yml@main with: - command: make test-integration + k8s_version: ${{ matrix.k8s_version }} diff --git a/.gitignore b/.gitignore index a67fc6b..2baf84c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,12 @@ ### Carvel ### carvel-artifacts/ repo/ +schema-openapi.yml + +### KUTTL ### +test/integration/kubeconfig +test/integration/kuttl-artifacts +kubeconfig # Binaries for programs and plugins *.exe diff --git a/MAINTAINERS.md b/MAINTAINERS.md new file mode 100644 index 0000000..2249643 --- /dev/null +++ b/MAINTAINERS.md @@ -0,0 +1,3 @@ +# Maintainers + +* Thomas Vitale | [ThomasVitale](https://github.com/ThomasVitale) \ No newline at end of file diff --git a/Makefile b/Makefile index aa30c55..7804e0b 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,35 @@ +K8S_VERSION=v1.26 + +# Build package configuration +build: package + cd package && kctrl package init + +# Prepare cluster for development workflow +prepare: test/setup + ytt -f test/setup/assets/namespace.yml | kapp deploy -a ns -f- -y + ytt -f test/setup/assets/rbac.yml | kapp deploy -a rbac -f- -y + kubectl config set-context --current --namespace=tests + +# Inner development loop +dev: package + cd package && kctrl dev -f package-resources.yml --local -y + +# Clean development environment +clean: + cd package && kctrl dev -f package-resources.yml --local -y --delete + +# Process the configuration manifests with ytt +ytt: + ytt --file package/config + # Use ytt to generate an OpenAPI specification schema: - ytt -f package/config/values-schema.yml --data-values-schema-inspect -o openapi-v3 > package/config/schema-openapi.yml + ytt -f package/config/values-schema.yml --data-values-schema-inspect -o openapi-v3 > schema-openapi.yml -# Check the ytt-annotated Kubernetes configuration +# Check the ytt-annotated Kubernetes configuration and its validation test-config: - ytt --file package/config + ytt -f package/config | kubeconform -ignore-missing-schemas -summary -# Run package tests -test-integration: test/test.sh - chmod +x test/test.sh - ./test/test.sh +# Run package integration tests +test-integration: test/integration + kubectl kuttl test --config test/integration/kuttl-test.yml --kind-config test/setup/kind/$(K8S_VERSION)/kind-config.yml diff --git a/README.md b/README.md index dfd7005..e88a4e8 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,16 @@ # Metrics Server -The SLSA Level 3 badge +![Test Workflow](https://github.com/kadras-io/package-for-kpack/actions/workflows/test.yml/badge.svg) +![Release Workflow](https://github.com/kadras-io/package-for-kpack/actions/workflows/release.yml/badge.svg) +[![The SLSA Level 3 badge](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev/spec/v0.1/levels) +[![The Apache 2.0 license badge](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) +[![Follow us on Twitter](https://img.shields.io/static/v1?label=Twitter&message=Follow&color=1DA1F2)](https://twitter.com/kadrasIO) -This project provides a [Carvel package](https://carvel.dev/kapp-controller/docs/latest/packaging) for [Metrics Server](https://github.com/kubernetes-sigs/metrics-server), a scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. +A Carvel package for [Metrics Server](https://github.com/kubernetes-sigs/metrics-server), a scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. -## Prerequisites +## šŸš€  Getting Started + +### Prerequisites * Kubernetes 1.24+ * Carvel [`kctrl`](https://carvel.dev/kapp-controller/docs/latest/install/#installing-kapp-controller-cli-kctrl) CLI. @@ -12,60 +18,61 @@ This project provides a [Carvel package](https://carvel.dev/kapp-controller/docs ```shell kapp deploy -a kapp-controller -y \ - -f https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml + -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml ``` -## Installation +### Installation -First, add the [Kadras package repository](https://github.com/kadras-io/kadras-packages) to your Kubernetes cluster. +Add the Kadras [package repository](https://github.com/kadras-io/kadras-packages) to your Kubernetes cluster: ```shell kubectl create namespace kadras-packages - kctrl package repository add -r kadras-repo \ + kctrl package repository add -r kadras-packages \ --url ghcr.io/kadras-io/kadras-packages \ -n kadras-packages ``` -Then, install the Metrics Server package. +
Installation without package repository +The recommended way of installing the Metrics Server package is via the Kadras package repository. If you prefer not using the repository, you can add the package definition directly using kapp or kubectl. ```shell - kctrl package install -i metrics-server \ - -p metrics-server.packages.kadras.io \ - -v 0.6.2+kadras.1 \ - -n kadras-packages + kubectl create namespace kadras-packages + kapp deploy -a metrics-server-package -n kadras-packages -y \ + -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/metadata.yml \ + -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/package.yml ``` +
-### Verification - -You can verify the list of installed Carvel packages and their status. +Install the Metrics Server package: ```shell - kctrl package installed list -n kadras-packages + kctrl package install -i metrics-server \ + -p metrics-server.packages.kadras.io \ + -v ${VERSION} \ + -n kadras-packages ``` -### Version +> **Note** +> You can find the `${VERSION}` value by retrieving the list of package versions available in the Kadras package repository installed on your cluster. +> +> ```shell +> kctrl package available list -p metrics-server.packages.kadras.io -n kadras-packages +> ``` -You can get the list of Metrics Server versions available in the Kadras package repository. +Verify the installed packages and their status: ```shell - kctrl package available list -p metrics-server.packages.kadras.io -n kadras-packages + kctrl package installed list -n kadras-packages ``` -## Configuration +## šŸ“™  Documentation -The Metrics Server package has the following configurable properties. +Documentation, tutorials and examples for this package are available in the [docs](docs) folder. +For documentation specific to Metrics Server, check out [github.com/kubernetes-sigs/metrics-server](https://github.com/kubernetes-sigs/metrics-server). -| Value | Required/Optional | Description | -|-------|-------------------|-------------| -| `metricsServer.createNamespace` | Optional | Whether to create namespace specified for metrics-server. Default value is `true`. | -| `metricsServer.namespace` | Optional | The namespace value used by older templates, will be overwriten if top level namespace is present, kept for backward compatibility. Default value is `null`. | -| `metricsServer.config.securePort` | Optional | TThe HTTPS secure port used by metrics-server. Default: `4443`. | -| `metricsServer.config.updateStrategy` | Optional | TThe update strategy of the metrics-server deployment. Default: `RollingUpdate` | -| `metricsServer.config.probe.failureThreshold` | Optional | Probe failureThreshold of metrics-server deployment. Default: `3`. | -| `metricsServer.config.probe.periodSeconds` | Optional | Probe period of metrics-server deployment. Default: `10` . | -| `metricsServer.config.apiServiceInsecureTLS`| Optional | Whether to enable insecure TLS for metrics-server api service. Default: `True`. | +## šŸŽÆ  Configuration -You can define your configuration in a `values.yml` file. +The Metrics Server package can be customized via a `values.yml` file. ```yaml metricsServer: @@ -73,55 +80,42 @@ You can define your configuration in a `values.yml` file. securePort: 4443 ``` -Then, reference it from the `kctrl` command when installing or upgrading the package. +Reference the `values.yml` file from the `kctrl` command when installing or upgrading the package. ```shell kctrl package install -i metrics-server \ -p metrics-server.packages.kadras.io \ - -v 0.6.2+kadras.1 \ + -v ${VERSION} \ -n kadras-packages \ --values-file values.yml ``` -## Upgrading - -You can upgrade an existing package to a newer version using `kctrl`. +### Values - ```shell - kctrl package installed update -i metrics-server \ - -v \ - -n kadras-packages - ``` - -You can also update an existing package with a newer `values.yml` file. - - ```shell - kctrl package installed update -i metrics-server \ - -n kadras-packages \ - --values-file values.yml - ``` - -## Other +The Metrics Server package has the following configurable properties. -The recommended way of installing the Metrics Server package is via the [Kadras package repository](https://github.com/kadras-io/kadras-packages). If you prefer not using the repository, you can install the package by creating the necessary Carvel `PackageMetadata` and `Package` resources directly using [`kapp`](https://carvel.dev/kapp/docs/latest/install) or `kubectl`. +
Configurable properties - ```shell - kubectl create namespace kadras-packages - kapp deploy -a metrics-server-package -n kadras-packages -y \ - -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/metadata.yml \ - -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/package.yml - ``` +| Value | Required/Optional | Description | +|-------|-------------------|-------------| +| `metricsServer.createNamespace` | Optional | Whether to create namespace specified for metrics-server. Default value is `true`. | +| `metricsServer.namespace` | Optional | The namespace value used by older templates, will be overwriten if top level namespace is present, kept for backward compatibility. Default value is `null`. | +| `metricsServer.config.securePort` | Optional | TThe HTTPS secure port used by metrics-server. Default: `4443`. | +| `metricsServer.config.updateStrategy` | Optional | TThe update strategy of the metrics-server deployment. Default: `RollingUpdate` | +| `metricsServer.config.probe.failureThreshold` | Optional | Probe failureThreshold of metrics-server deployment. Default: `3`. | +| `metricsServer.config.probe.periodSeconds` | Optional | Probe period of metrics-server deployment. Default: `10` . | +| `metricsServer.config.apiServiceInsecureTLS`| Optional | Whether to enable insecure TLS for metrics-server api service. Default: `True`. | -## Support and Documentation +
-For support and documentation specific to Metrics Server, check out [https://github.com/kubernetes-sigs/metrics-server](https://github.com/kubernetes-sigs/metrics-server). +## šŸ›”ļø  Security -## References +The security process for reporting vulnerabilities is described in [SECURITY.md](SECURITY.md). -This package is based on the original Metrics Server package used in [Tanzu Community Edition](https://github.com/vmware-tanzu/community-edition) before its retirement. +## šŸ–Šļø  License -## Supply Chain Security +This project is licensed under the **Apache License 2.0**. See [LICENSE](LICENSE) for more information. -This project is compliant with level 3 of the [SLSA Framework](https://slsa.dev). +## šŸ™  Acknowledgments -The SLSA Level 3 badge +This package is inspired by the original kpack package used in the [Tanzu Community Edition](https://github.com/vmware-tanzu/community-edition) project before its retirement. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..3ef9d1a --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,5 @@ +# Security Policy + +## Reporting a Vulnerability + +If you know of a vulnerability in this project, please reach out to security@kadras.io and we will get back to you as soon as possible. diff --git a/docs/verify-release.md b/docs/verify-release.md new file mode 100644 index 0000000..fb325ee --- /dev/null +++ b/docs/verify-release.md @@ -0,0 +1,37 @@ +# Verifying the Tekton Pipelines Package Release + +This package is published as an OCI artifact, signed with Sigstore [Cosign](https://docs.sigstore.dev/cosign/overview), and associated with a [SLSA Provenance](https://slsa.dev/provenance) attestation. + +Using `cosign`, you can display the supply chain security related artifacts for the `ghcr.io/kadras-io/package-for-metrics-server` images. Use the specific digest you'd like to verify. + +```shell +cosign tree ghcr.io/kadras-io/package-for-metrics-server +``` + +The result: + +```shell +šŸ“¦ Supply Chain Security Related artifacts for an image: ghcr.io/kadras-io/package-for-metrics-server +ā””ā”€ā”€ šŸ’¾ Attestations for an image tag: ghcr.io/kadras-io/package-for-metrics-server:sha256-57a109b45ad86ffd9f47f3626800fed777f94ba4fbb5eb1ca1a9a4286f66c9ed.att + ā””ā”€ā”€ šŸ’ sha256:55cbf5575b996f11aa5d5ead0eb862b9818fff38b96d8bfe1618df393c377d89 +ā””ā”€ā”€ šŸ” Signatures for an image tag: ghcr.io/kadras-io/package-for-metrics-server:sha256-57a109b45ad86ffd9f47f3626800fed777f94ba4fbb5eb1ca1a9a4286f66c9ed.sig + ā””ā”€ā”€ šŸ’ sha256:7a74656a666a70f6e79274cec2aad64fdfc7af13e255fe85f50dadbebb688529 +``` + +You can verify the signature and its claims: + +```shell +cosign verify \ + --certificate-identity-regexp https://github.com/kadras-io \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + ghcr.io/kadras-io/package-for-metrics-server | jq +``` + +You can also verify the SLSA Provenance attestation associated with the image. + +```shell +cosign verify-attestation --type slsaprovenance \ + --certificate-identity-regexp https://github.com/slsa-framework \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + ghcr.io/kadras-io/package-for-metrics-server | jq .payload -r | base64 --decode | jq +``` diff --git a/package/config/kapp-config.yml b/package/config/kapp-config.yml index df6b0cc..cfadb61 100644 --- a/package/config/kapp-config.yml +++ b/package/config/kapp-config.yml @@ -6,6 +6,7 @@ minimumRequiredVersion: 0.50.0 #! Rebase rules explicitly define how kapp should merge resources during an update. #! See more about the resource merge method: https://carvel.dev/kapp/docs/latest/merge-method. rebaseRules: + - path: [spec, caBundle] type: remove resourceMatchers: diff --git a/package/config/overlays/api-service.yml b/package/config/overlays/api-service.yml index 503137b..45da651 100644 --- a/package/config/overlays/api-service.yml +++ b/package/config/overlays/api-service.yml @@ -1,7 +1,7 @@ #@ load("@ytt:data", "data") #@ load("@ytt:overlay", "overlay") -#@overlay/match by=overlay.subset({"kind": "APIService"}) +#@overlay/match by=overlay.subset({"kind":"APIService"}) --- spec: insecureSkipTLSVerify: #@ data.values.metricsServer.config.apiServiceInsecureTLS diff --git a/package/config/overlays/deployment.yml b/package/config/overlays/deployment.yml index b516846..e627e5c 100644 --- a/package/config/overlays/deployment.yml +++ b/package/config/overlays/deployment.yml @@ -1,7 +1,7 @@ #@ load("@ytt:data", "data") -#@ load("@ytt:yaml", "yaml") #@ load("@ytt:overlay", "overlay") #@ load("@ytt:template", "template") +#@ load("@ytt:yaml", "yaml") #@ def is_toleration_specified(toleration): #@ return toleration in yaml.decode(yaml.encode(data.values.metricsServer.config.tolerations)) @@ -14,7 +14,7 @@ #@ default_tolerations += [{"effect":"NoSchedule", "key":"node-role.kubernetes.io/control-plane"}] #@ end -#@overlay/match by=overlay.subset({"kind": "Deployment", "metadata": {"name": "metrics-server"}}) +#@overlay/match by=overlay.subset({"kind":"Deployment", "metadata":{"name":"metrics-server"}}) --- spec: #@overlay/match-child-defaults missing_ok=True diff --git a/package/config/overlays/namespace.yml b/package/config/overlays/namespace.yml index 9593ea3..a7a0748 100644 --- a/package/config/overlays/namespace.yml +++ b/package/config/overlays/namespace.yml @@ -1,5 +1,5 @@ -#@ load("@ytt:overlay", "overlay") #@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") #@ load("@ytt:yaml", "yaml") #@ metricsServerNamespace = "" diff --git a/package/config/overlays/registry-credentials.yml b/package/config/overlays/registry-credentials.yml new file mode 100644 index 0000000..be24b36 --- /dev/null +++ b/package/config/overlays/registry-credentials.yml @@ -0,0 +1,30 @@ +#@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") + +#! This Secret will be populated by secretgen-controller with the credentials to authenticate +#! with the container registry from where to pull the images to deploy (if authentication is required). +#! Such credentials should grant read-only access to the private container registry. +#! Use cases: private registries or air-gapped scenarios. + +#@ image_pull_secret_name = "canonical-registry-credentials" + +--- +apiVersion: v1 +kind: Secret +metadata: + name: #@ image_pull_secret_name + namespace: #@ data.values.namespace + annotations: + secretgen.carvel.dev/image-pull-secret: "" +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: e30K + +#@overlay/match by=overlay.subset({"kind":"Deployment"}), expects="1+" +--- +spec: + template: + spec: + #@overlay/match missing_ok=True + imagePullSecrets: + - name: #@ image_pull_secret_name diff --git a/package/config/overlays/registry-secrets.yml b/package/config/overlays/registry-secrets.yml deleted file mode 100644 index 6c06fe5..0000000 --- a/package/config/overlays/registry-secrets.yml +++ /dev/null @@ -1,27 +0,0 @@ -#@ load("@ytt:data", "data") -#@ load("@ytt:overlay", "overlay") - -#@ secret_name = "private-registry-secret" - -#! This Secret will be populated by secretgen-controller with the credentials -#! to authenticate with the container registry (if authentication is required). ---- -apiVersion: v1 -kind: Secret -metadata: - name: #@ secret_name - namespace: #@ data.values.namespace - annotations: - secretgen.carvel.dev/image-pull-secret: "" -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: e30K - -#@overlay/match by=overlay.subset({"kind":"Deployment","metadata":{"namespace":data.values.namespace}}),expects="1+" ---- -spec: - template: - spec: - #@overlay/match missing_ok=True - imagePullSecrets: - - name: #@ secret_name diff --git a/package/config/overlays/update-strategy.yml b/package/config/overlays/update-strategy.yml index f8ddfad..9a4e045 100644 --- a/package/config/overlays/update-strategy.yml +++ b/package/config/overlays/update-strategy.yml @@ -1,5 +1,5 @@ -#@ load("@ytt:overlay", "overlay") #@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") #! We are adding this overlay in the package to accomandate the need from vSphere supervisor cluster: #! `deployment.spec.strategy.type` is configured to `RollingUpdate` diff --git a/package/package-resources.yml b/package/package-resources.yml index 7ace888..2c92dbf 100755 --- a/package/package-resources.yml +++ b/package/package-resources.yml @@ -7,7 +7,7 @@ spec: licenses: - Apache 2.0 refName: metrics-server.packages.kadras.io - releaseNotes: https://github.com/kubernetes-sigs/metrics-server/releases + releaseNotes: https://github.com/kadras-io/package-for-metrics-server/releases releasedAt: null template: spec: @@ -21,127 +21,7 @@ spec: - config - kbld: {} valuesSchema: - openAPIv3: - additionalProperties: false - description: OpenAPIv3 Schema for metrics-server - properties: - daemonset: - additionalProperties: false - properties: - updateStrategy: - default: null - description: Update strategy of daemonsets - nullable: true - type: string - type: object - deployment: - additionalProperties: false - properties: - rollingUpdate: - additionalProperties: false - properties: - maxSurge: - default: null - description: The maxSurge of rollingUpdate. Applied only if RollingUpdate - is used as updateStrategy - nullable: true - type: integer - maxUnavailable: - default: null - description: The maxUnavailable of rollingUpdate. Applied only if - RollingUpdate is used as updateStrategy - nullable: true - type: integer - type: object - updateStrategy: - default: null - description: Update strategy of deployments - nullable: true - type: string - type: object - metricsServer: - additionalProperties: false - properties: - config: - additionalProperties: false - properties: - apiServiceInsecureTLS: - default: true - description: Whether to enable insecure TLS for metrics-server api - service - type: boolean - args: - default: [] - description: Arguments passed into metrics-server container - items: - default: "" - type: string - type: array - probe: - additionalProperties: false - properties: - failureThreshold: - default: 3 - description: Probe failureThreshold of metrics-server deployment - type: integer - periodSeconds: - default: 10 - description: Probe period of metrics-server deployment - type: integer - type: object - securePort: - default: 4443 - description: The HTTPS secure port used by metrics-server - type: integer - tolerations: - default: [] - description: Metrics-server deployment tolerations - nullable: true - updateStrategy: - default: RollingUpdate - description: The update strategy of the metrics-server deployment - type: string - type: object - createNamespace: - default: true - description: Whether to create namespace specified for metrics-server - type: boolean - image: - additionalProperties: false - properties: - name: - default: "" - description: The path of image - type: string - pullPolicy: - default: IfNotPresent - description: The pull policy of image - type: string - repository: - default: "" - description: The repository of metrics-server image - type: string - tag: - default: "" - description: The image tag - type: string - type: object - namespace: - default: null - description: The namespace value used by older templates, will be overwriten - if top level namespace is present, kept for backward compatibility - nullable: true - type: string - type: object - namespace: - default: kube-system - description: The namespace in which metrics-server is deployed - type: string - nodeSelector: - default: null - description: NodeSelector configuration applied to all the deployments - nullable: true - type: object + openAPIv3: {} version: 0.0.0 --- @@ -163,6 +43,8 @@ spec: providerName: Kadras shortDescription: Scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. + supportDescription: Go to https://kadras.io for documentation and https://github.com/kadras-io/package-for-metrics-server + for community support. --- apiVersion: packaging.carvel.dev/v1alpha1 diff --git a/package/vendir.yml b/package/vendir.yml index 4600def..460802e 100644 --- a/package/vendir.yml +++ b/package/vendir.yml @@ -10,4 +10,4 @@ directories: path: . path: config/upstream kind: Config -minimumRequiredVersion: "" +minimumRequiredVersion: 0.32.0 diff --git a/test/integration/default/00-assert.yaml b/test/integration/default/00-assert.yaml new file mode 100644 index 0000000..f701275 --- /dev/null +++ b/test/integration/default/00-assert.yaml @@ -0,0 +1,34 @@ +# Controller +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metrics-server + namespace: kube-system +spec: + replicas: 1 +status: + readyReplicas: 1 + +# Image Pull Secret +--- +apiVersion: v1 +kind: Secret +metadata: + name: canonical-registry-credentials + namespace: kube-system + annotations: + secretgen.carvel.dev/image-pull-secret: "" +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: e30K +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: kube-system +spec: + template: + spec: + imagePullSecrets: + - name: canonical-registry-credentials diff --git a/test/integration/default/00-install.yaml b/test/integration/default/00-install.yaml new file mode 100644 index 0000000..8bef8e2 --- /dev/null +++ b/test/integration/default/00-install.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: | + cd ../../../package && \ + kubectl config set-context --current --namespace=tests && \ + ytt -f ../test/integration/default/config -f package-resources.yml | kctrl dev -f- --local -y diff --git a/test/integration/default/01-uninstall.yaml b/test/integration/default/01-uninstall.yaml new file mode 100644 index 0000000..5a2e489 --- /dev/null +++ b/test/integration/default/01-uninstall.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: | + cd ../../../package && \ + kubectl config set-context --current --namespace=tests && \ + ytt -f ../test/integration/default/config -f package-resources.yml | kctrl dev -f- --local --delete -y diff --git a/test/integration/default/config/overlay.yml b/test/integration/default/config/overlay.yml new file mode 100644 index 0000000..e86a5bb --- /dev/null +++ b/test/integration/default/config/overlay.yml @@ -0,0 +1,9 @@ +#@ load("@ytt:overlay", "overlay") + +#@overlay/match by=overlay.subset({"metadata":{"name":"metrics-server"}, "kind":"PackageInstall"}) +--- +spec: + #@overlay/match missing_ok=True + values: + - secretRef: + name: metrics-server-values diff --git a/test/integration/default/config/values.yml b/test/integration/default/config/values.yml new file mode 100644 index 0000000..dd9e367 --- /dev/null +++ b/test/integration/default/config/values.yml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: metrics-server-values + namespace: tests +stringData: + values.yaml: | + # Default configuration diff --git a/test/integration/kuttl-test.yml b/test/integration/kuttl-test.yml new file mode 100644 index 0000000..3bd3aa5 --- /dev/null +++ b/test/integration/kuttl-test.yml @@ -0,0 +1,12 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestSuite +testDirs: +- ./test/integration +manifestDirs: +- ./test/setup/assets +parallel: 1 +startKIND: true +kindContext: integration +kindNodeCache: true +timeout: 120 +artifactsDir: /tmp/kuttl-artifacts diff --git a/test/setup/assets/namespace.yml b/test/setup/assets/namespace.yml new file mode 100644 index 0000000..e903508 --- /dev/null +++ b/test/setup/assets/namespace.yml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: tests diff --git a/test/test-setup/prepare.yml b/test/setup/assets/rbac.yml similarity index 76% rename from test/test-setup/prepare.yml rename to test/setup/assets/rbac.yml index 0671981..fa90104 100644 --- a/test/test-setup/prepare.yml +++ b/test/setup/assets/rbac.yml @@ -1,22 +1,16 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: carvel-test - --- apiVersion: v1 kind: ServiceAccount metadata: name: kadras-install-sa - namespace: carvel-test + namespace: tests --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kadras-install-role - namespace: carvel-test + namespace: tests rules: - apiGroups: - '*' @@ -30,11 +24,10 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kadras-install-role-binding - namespace: carvel-test subjects: - kind: ServiceAccount name: kadras-install-sa - namespace: carvel-test + namespace: tests roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/test/setup/kind/v1.24/kind-config.yml b/test/setup/kind/v1.24/kind-config.yml new file mode 100644 index 0000000..c8b4d22 --- /dev/null +++ b/test/setup/kind/v1.24/kind-config.yml @@ -0,0 +1,8 @@ +--- +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: +- role: control-plane + image: kindest/node:v1.24.7 +- role: worker + image: kindest/node:v1.24.7 diff --git a/test/setup/kind/v1.25/kind-config.yml b/test/setup/kind/v1.25/kind-config.yml new file mode 100644 index 0000000..030c05e --- /dev/null +++ b/test/setup/kind/v1.25/kind-config.yml @@ -0,0 +1,8 @@ +--- +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: +- role: control-plane + image: kindest/node:v1.25.3 +- role: worker + image: kindest/node:v1.25.3 diff --git a/test/setup/kind/v1.26/kind-config.yml b/test/setup/kind/v1.26/kind-config.yml new file mode 100644 index 0000000..0774507 --- /dev/null +++ b/test/setup/kind/v1.26/kind-config.yml @@ -0,0 +1,8 @@ +--- +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: +- role: control-plane + image: kindest/node:v1.26.2 +- role: worker + image: kindest/node:v1.26.2 diff --git a/test/test.sh b/test/test.sh deleted file mode 100755 index 05c0a4d..0000000 --- a/test/test.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -echo -e "\nšŸš¢ Setting up Kubernetes cluster...\n" - -kapp deploy -a test-setup -f test/test-setup -y -kubectl config set-context --current --namespace=carvel-test - -# Wait for the generation of a token for the new Service Account -while [ $(kubectl get configmap --no-headers | wc -l) -eq 0 ] ; do - sleep 3 -done - -echo -e "šŸ“¦ Deploying Carvel package...\n" - -cd package -kctrl dev -f package-resources.yml --local -y -cd .. - -echo -e "šŸŽ® Verifying package..." - -status=$(kapp inspect -a metrics-server.app --status --json | jq '.Lines[1]' -) -if [[ '"Succeeded"' == ${status} ]]; then - echo -e "āœ… The package has been installed successfully.\n" - exit 0 -else - echo -e "šŸš« Something wrong happened during the installation of the package.\n" - exit 1 -fi